[Fedora-directory-users] mandating SSL-only connections
Susan
logastellus at yahoo.com
Thu Jan 5 18:48:15 UTC 2006
--- Richard Megginson <rmeggins at redhat.com> wrote:
> the openldap ldapsearch -Z does startTLS, which tries to startup a
> secure connection using the non-secure port - basically, so you can have
> ldap listen only to 389 and have SSL/TLS on that port. So then you may
> ask "Ok, that's fine, but how do I disable non-secure connections on
> 389?" I'm not sure how you can do that at the connection level, but at
> the entry level you can set ACIs to allow access only if using SSL/TLS.
Can you give me an example, please? ldapsearch aside, even though SSL is enabled on the server,
everything (including the password) is being transmitted clear text -- I can see it in ethereal
when I try to ssh to an ldap client.
__________________________________________
Yahoo! DSL Something to write home about.
Just $16.99/mo. or less.
dsl.yahoo.com
More information about the Fedora-directory-users
mailing list